RubyGems - aws-sdk-acmpca - Versions diffs - 1.35.0 → 1.39.0 - Mend

aws-sdk-acmpca 1.35.0 → 1.39.0

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +20 -0
data/VERSION +1 -1
data/lib/aws-sdk-acmpca/client.rb +12 -7
data/lib/aws-sdk-acmpca/client_api.rb +2 -0
data/lib/aws-sdk-acmpca/types.rb +42 -9
data/lib/aws-sdk-acmpca.rb +1 -1
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d04817022fa4367102b398d2f979e2f076f2a9289beaf9f9b789f9a3405f1904
-  data.tar.gz: 40e3ddf003ceaa3c2390f4112a9648eb8fca9357f287af74585531fdfc518047
+  metadata.gz: 1fa9d7439b8b21d4ef93900a5e57d6dd8ddefd43e89cfbc0597228299b5f05f8
+  data.tar.gz: '087343fa72170890880edd39fa9b907a9fa949578ecaf0fbc603069c784ba794'
 SHA512:
-  metadata.gz: 9ce075366b23fb423a85d72b845980d37e1c370dce89b72159973df33ebad843aec8b839d188fd90988fac0e307a6e60b51036eb5e05694e7a52e6a950c3b811
-  data.tar.gz: 0f7dbdcdcb82244e9d57792407ecc8a94f59862360959d6d5dc843ab3671497b650882e90b8b7cef804e755f4e415688a45923e6f12e7a7db3b0708e0a9f7d69
+  metadata.gz: 7091bb3c5628289d193e0986479679cf1960b167a7e8448f09c8da966324a0dd820cd92d7907f70fe610896ff9067478668e84f18ee1713d7125d3d4543ffe92
+  data.tar.gz: f8c1ee3a1fd9b076d88bb3122f14fc9445bd3ad5d5871cf8a17bbaf455ce823c122dc7a41a215e05737cf66e1a9d822987c64c4b0f68f6a7914bc226f3339bb2

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
+1.39.0 (2021-09-01)
+------------------
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+1.38.0 (2021-07-30)
+------------------
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+1.37.0 (2021-07-28)
+------------------
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+1.36.0 (2021-05-26)
+------------------
+* Feature - This release enables customers to store CRLs in S3 buckets with Block Public Access enabled. The release adds the S3ObjectAcl parameter to the CreateCertificateAuthority and UpdateCertificateAuthority APIs to allow customers to choose whether their CRL will be publicly available.
 1.35.0 (2021-05-04)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.35.0
1	+ 1.39.0

data/lib/aws-sdk-acmpca/client.rb CHANGED Viewed

@@ -400,12 +400,13 @@ module Aws::ACMPCA
     #
     #   Default: FIPS\_140\_2\_LEVEL\_3\_OR\_HIGHER
     #
-    #   Note: AWS Region ap-northeast-3 supports only
-    #   FIPS\_140\_2\_LEVEL\_2\_OR\_HIGHER. You must explicitly specify this
-    #   parameter and value when creating a CA in that Region. Specifying a
-    #   different value (or no value) results in an `InvalidArgsException`
-    #   with the message "A certificate authority cannot be created in this
-    #   region with the specified security standard."
+    #   Note: `FIPS_140_2_LEVEL_3_OR_HIGHER` is not supported in Region
+    #   ap-northeast-3. When creating a CA in the ap-northeast-3, you must
+    #   provide `FIPS_140_2_LEVEL_2_OR_HIGHER` as the argument for
+    #   `KeyStorageSecurityStandard`. Failure to do this results in an
+    #   `InvalidArgsException` with the message, "A certificate authority
+    #   cannot be created in this region with the specified security
+    #   standard."
     #
     # @option params [Array<Types::Tag>] :tags
     #   Key-value pairs that will be attached to the new private CA. You can
@@ -502,6 +503,7 @@ module Aws::ACMPCA
     #         expiration_in_days: 1,
     #         custom_cname: "String253",
     #         s3_bucket_name: "String3To255",
+    #         s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
     #       },
     #     },
     #     certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
@@ -996,6 +998,7 @@ module Aws::ACMPCA
     #   resp.certificate_authority.revocation_configuration.crl_configuration.expiration_in_days #=> Integer
     #   resp.certificate_authority.revocation_configuration.crl_configuration.custom_cname #=> String
     #   resp.certificate_authority.revocation_configuration.crl_configuration.s3_bucket_name #=> String
+    #   resp.certificate_authority.revocation_configuration.crl_configuration.s3_object_acl #=> String, one of "PUBLIC_READ", "BUCKET_OWNER_FULL_CONTROL"
     #   resp.certificate_authority.restorable_until #=> Time
     #   resp.certificate_authority.key_storage_security_standard #=> String, one of "FIPS_140_2_LEVEL_2_OR_HIGHER", "FIPS_140_2_LEVEL_3_OR_HIGHER"
     #
@@ -1801,6 +1804,7 @@ module Aws::ACMPCA
     #   resp.certificate_authorities[0].revocation_configuration.crl_configuration.expiration_in_days #=> Integer
     #   resp.certificate_authorities[0].revocation_configuration.crl_configuration.custom_cname #=> String
     #   resp.certificate_authorities[0].revocation_configuration.crl_configuration.s3_bucket_name #=> String
+    #   resp.certificate_authorities[0].revocation_configuration.crl_configuration.s3_object_acl #=> String, one of "PUBLIC_READ", "BUCKET_OWNER_FULL_CONTROL"
     #   resp.certificate_authorities[0].restorable_until #=> Time
     #   resp.certificate_authorities[0].key_storage_security_standard #=> String, one of "FIPS_140_2_LEVEL_2_OR_HIGHER", "FIPS_140_2_LEVEL_3_OR_HIGHER"
     #   resp.next_token #=> String
@@ -2329,6 +2333,7 @@ module Aws::ACMPCA
     #         expiration_in_days: 1,
     #         custom_cname: "String253",
     #         s3_bucket_name: "String3To255",
+    #         s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
     #       },
     #     },
     #     status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DELETED, DISABLED, EXPIRED, FAILED
@@ -2356,7 +2361,7 @@ module Aws::ACMPCA
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-acmpca'
-      context[:gem_version] = '1.35.0'
+      context[:gem_version] = '1.39.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-acmpca/client_api.rb CHANGED Viewed

@@ -126,6 +126,7 @@ module Aws::ACMPCA
     RevokeCertificateRequest = Shapes::StructureShape.new(name: 'RevokeCertificateRequest')
     S3BucketName = Shapes::StringShape.new(name: 'S3BucketName')
     S3Key = Shapes::StringShape.new(name: 'S3Key')
+    S3ObjectAcl = Shapes::StringShape.new(name: 'S3ObjectAcl')
     SigningAlgorithm = Shapes::StringShape.new(name: 'SigningAlgorithm')
     String = Shapes::StringShape.new(name: 'String')
     String128 = Shapes::StringShape.new(name: 'String128')
@@ -244,6 +245,7 @@ module Aws::ACMPCA
     CrlConfiguration.add_member(:expiration_in_days, Shapes::ShapeRef.new(shape: Integer1To5000, location_name: "ExpirationInDays", metadata: {"box"=>true}))
     CrlConfiguration.add_member(:custom_cname, Shapes::ShapeRef.new(shape: String253, location_name: "CustomCname"))
     CrlConfiguration.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape: String3To255, location_name: "S3BucketName"))
+    CrlConfiguration.add_member(:s3_object_acl, Shapes::ShapeRef.new(shape: S3ObjectAcl, location_name: "S3ObjectAcl"))
     CrlConfiguration.struct_class = Types::CrlConfiguration
     CsrExtensions.add_member(:key_usage, Shapes::ShapeRef.new(shape: KeyUsage, location_name: "KeyUsage"))

data/lib/aws-sdk-acmpca/types.rb CHANGED Viewed

@@ -754,6 +754,7 @@ module Aws::ACMPCA
     #             expiration_in_days: 1,
     #             custom_cname: "String253",
     #             s3_bucket_name: "String3To255",
+    #             s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
     #           },
     #         },
     #         certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
@@ -807,12 +808,13 @@ module Aws::ACMPCA
     #
     #   Default: FIPS\_140\_2\_LEVEL\_3\_OR\_HIGHER
     #
-    #   Note: AWS Region ap-northeast-3 supports only
-    #   FIPS\_140\_2\_LEVEL\_2\_OR\_HIGHER. You must explicitly specify this
-    #   parameter and value when creating a CA in that Region. Specifying a
-    #   different value (or no value) results in an `InvalidArgsException`
-    #   with the message "A certificate authority cannot be created in this
-    #   region with the specified security standard."
+    #   Note: `FIPS_140_2_LEVEL_3_OR_HIGHER` is not supported in Region
+    #   ap-northeast-3. When creating a CA in the ap-northeast-3, you must
+    #   provide `FIPS_140_2_LEVEL_2_OR_HIGHER` as the argument for
+    #   `KeyStorageSecurityStandard`. Failure to do this results in an
+    #   `InvalidArgsException` with the message, "A certificate authority
+    #   cannot be created in this region with the specified security
+    #   standard."
     #   @return [String]
     #
     # @!attribute [rw] tags
@@ -984,6 +986,7 @@ module Aws::ACMPCA
     #         expiration_in_days: 1,
     #         custom_cname: "String253",
     #         s3_bucket_name: "String3To255",
+    #         s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
     #       }
     #
     # @!attribute [rw] enabled
@@ -1016,12 +1019,39 @@ module Aws::ACMPCA
     #   is placed into the **CRL Distribution Points** extension of the
     #   issued certificate. You can change the name of your bucket by
     #   calling the [UpdateCertificateAuthority][1] action. You must specify
-    #   a bucket policy that allows ACM Private CA to write the CRL to your
-    #   bucket.
+    #   a [bucket policy][2] that allows ACM Private CA to write the CRL to
+    #   your bucket.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
+    #   [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies
+    #   @return [String]
+    #
+    # @!attribute [rw] s3_object_acl
+    #   Determines whether the CRL will be publicly readable or privately
+    #   held in the CRL Amazon S3 bucket. If you choose PUBLIC\_READ, the
+    #   CRL will be accessible over the public internet. If you choose
+    #   BUCKET\_OWNER\_FULL\_CONTROL, only the owner of the CRL S3 bucket
+    #   can access the CRL, and your PKI clients may need an alternative
+    #   method of access.
+    #
+    #   If no value is specified, the default is `PUBLIC_READ`.
+    #
+    #   *Note:* This default can cause CA creation to fail in some
+    #   circumstances. If you have have enabled the Block Public Access
+    #   (BPA) feature in your S3 account, then you must specify the value of
+    #   this parameter as `BUCKET_OWNER_FULL_CONTROL`, and not doing so
+    #   results in an error. If you have disabled BPA in S3, then you can
+    #   specify either `BUCKET_OWNER_FULL_CONTROL` or `PUBLIC_READ` as the
+    #   value.
+    #
+    #   For more information, see [Blocking public access to the S3
+    #   bucket][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-bpa
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CrlConfiguration AWS API Documentation
@@ -1030,7 +1060,8 @@ module Aws::ACMPCA
       :enabled,
       :expiration_in_days,
       :custom_cname,
-      :s3_bucket_name)
+      :s3_bucket_name,
+      :s3_object_acl)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2868,6 +2899,7 @@ module Aws::ACMPCA
     #           expiration_in_days: 1,
     #           custom_cname: "String253",
     #           s3_bucket_name: "String3To255",
+    #           s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
     #         },
     #       }
     #
@@ -3073,6 +3105,7 @@ module Aws::ACMPCA
     #             expiration_in_days: 1,
     #             custom_cname: "String253",
     #             s3_bucket_name: "String3To255",
+    #             s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
     #           },
     #         },
     #         status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DELETED, DISABLED, EXPIRED, FAILED

data/lib/aws-sdk-acmpca.rb CHANGED Viewed

@@ -49,6 +49,6 @@ require_relative 'aws-sdk-acmpca/customizations'
 # @!group service
 module Aws::ACMPCA
-  GEM_VERSION = '1.35.0'
+  GEM_VERSION = '1.39.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-acmpca
 version: !ruby/object:Gem::Version
-  version: 1.35.0
+  version: 1.39.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-04 00:00:00.000000000 Z
+date: 2021-09-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.112.0
+        version: 3.120.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.112.0
+        version: 3.120.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement
@@ -77,7 +77,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="